How we use your information

The purpose of this guidance is to inform you of the way in which Surrey Heartlands use information (including personal data) about you.

The guidance on this webpage explains:

  • who we are and what we do
  • the types of information we hold about people
  • how we use this information and why we need to do this
  • who we may share your information with
  • how you can object to the way we use information or complain about this
  • how you can access a copy of the information we hold about you
  • what other rights you may have in relation to this information
  • how we keep your information secure and confidential
  • where to go if you require further information.

This guidance applies to all individuals whose information is used by Surrey Heartlands; including local NHS service users, our staff and suppliers, and visitors to our offices.

This information is known as a ‘Privacy Notice’ or ‘Fair Processing Notice’ and it is a legal obligation under data protection legislation that we provide you with this.

Covid-19 and your information

This supplementary Privacy Notice describes how Surrey Heartlands may use your information to protect you and others during the Covid-19 outbreak.

Covid-19 vaccination programme – privacy information for health and care staff

The Covid-19 vaccination programme in Surrey Heartlands is being rolled out to all health and social care workers who have frequent face-to-face contact with patients and who are directly involved in patient care in either secondary or primary care, mental health, urgent and emergency care and community settings. This includes those working in independent, voluntary and non-standard healthcare settings such as hospices, and community-based mental health or addiction services.

Surrey Heartlands, on behalf of the Local Resilience Forum, have worked with partners to establish a booking system for these individuals to receive vaccinations at various sites within Surrey Heartlands.

Your employer will provide you with information on how to sign up to receive the vaccine and will share relevant information about you with the provider of your local vaccination service to allow you to be invited for vaccination.

When it is the right time for you to receive your vaccination you will receive an invitation to come forward by email, SMS, or telephone.

We know lots of people will be keen to get protected from the virus but we are asking people not to share these vaccination booking details with friends of family as we have a limited number of vaccines to offer and need to ensure these are provided to those providing health and care services first. Other people within the community will be contacted directly for their own appointment.

Information Governance and Subject Access Requests

Information Governance

Information Governance provides a consistent way for employees to deal with the many different standards and legal rules that apply to information handling. This includes the Data Protection Act (DPA) 2018 - a United Kingdom Act of Parliament that updates data protection laws in the UK. It is a national law which complements the European Union's General Data Protection Regulation (GDPR). Therefore GDPR and the Data Protection Act 2018 should be read side by side.

Subject Access Request

Individuals have the right to access information that Surrey Heartlands holds about them by making a Subject Access Request (SAR). The GDPR has removed the fees that could previously be charged for SARs and reduced the amount of time that organisations have to respond. This right applies to all individuals including staff, employees of other organisations, service users, visitors to offices, and attendees at events.

Each NHS organisation holds their own records and we can only supply Surrey Heartlands records. If Surrey Heartlands holds the data requested and it is not legally exempt from disclosure, the information must be supplied within one month (though this can be extended by up to a further two months in some circumstances).

You can request access to information about you that we hold by contacting Surrey Heartlands Information Governance Team.

NHS national data opt-out programme - your data matters to the NHS

Information about your health and care helps us to improve your individual care, speed up diagnosis, plan your local services and research new treatments.

In May 2018, the strict rules about how this data can and cannot be used were strengthened. The NHS is committed to keeping patient information safe and always being clear about how it is used.

You can choose whether your confidential patient information is used for research and planning.

Information Commissioner's Office

The Information Commissioner’s Office (ICO) is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. A range of guidance for individuals and organisations is available via their website: